This site uses cookies to deliver our services and to show you relevant ads and job listings.
By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service.
Your use of Stack Overflow’s Products and Services, including the Stack Overflow Network, is subject to these policies and terms.

Join us in building a kind, collaborative learning community via our updated
Code of Conduct.

Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. Join them; it only takes a minute:

I have a machine running Ubuntu which I SSH to from my Fedora 14 machine. I want to forward X from the Ubuntu machine back to Fedora so I can run graphical programs remotely. Both machines are on a LAN.

I know that the -X option enables X11 forwarding in SSH, but I feel like I am missing some of the steps.

What are the required steps to forward X from a Ubuntu machine to Fedora over SSH?

I know this is rather common, but I am having issues. A definitive answer for this question would be helpful for many. Lots of examples around seem omit important details.
– Mr. ShickadanceMay 6 '11 at 17:41

10 Answers
10

X11 forwarding needs to be enabled on both the client side and the server side.

On the client side, the -X (capital X) option to ssh enables X11 forwarding, and you can make this the default (for all connections or for a specific conection) with ForwardX11 yes in ~/.ssh/config.

On the server side, X11Forwarding yes must specified in /etc/ssh/sshd_config. Note that the default is no forwarding (some distributions turn it on in their default /etc/ssh/sshd_config), and that the user cannot override this setting.

The xauth program must be installed on the server side. If there are any X11 programs there, it's very likely that xauth will be there. In the unlikely case xauth was installed in a nonstandard location, it can be called through ~/.ssh/rc (on the server!).

Note that you do not need to set any environment variables on the server. DISPLAY and XAUTHORITY will automatically be set to their proper values. If you run ssh and DISPLAY is not set, it means ssh is not forwarding the X11 connection.

To confirm that ssh is forwarding X11, check for a line containing Requesting X11 forwarding in the ssh -v -X output. Note that the server won't reply either way.

@user: No, you never need xhost +. xhost is from a gentler era when having a machine connected to the network meant you were trustworthy. xhost + means anyone who can spoof your IP can take control of your X server session. ssh -X will set up all the required authorizations. If X11 forwarding disabled in the server config, talk to your administrator; if that doesn't work, see Forwarding X11 over SSH if the server configuration doesn't allow it.
– GillesMay 6 '11 at 22:52

4

Thanks for mentioning xauth! Lack of that on a barebones server was causing me trouble.
– vasiApr 9 '13 at 6:53

2

+1 for making the distinction between ~/.ssh/config and /etc/ssh/sshd_config in the same place. I could not tell if they were different' files or just a change in nomenclature.
– pukNov 13 '13 at 7:48

1

@KhurshidAlam It doesn't matter whether the server is also running a GUI environment. Check the permissions on the .Xauthority file. If using Red Hat or other system with SELinux, check the SELinux context, see unix.stackexchange.com/questions/36540/…
– GillesJan 6 '14 at 12:30

6

after ssh -X run xterm & to get a graphical terminal as the ultimate test to see if it's working.
– Alexander TaylorMay 29 '14 at 17:18

To get X11 forwarding working over ssh, you'll need 3 things in place.

Your client must be set up to forward X11.

Your server must be set up to allow X11 forwarding.

Your server must be able to set up X11 authentication.

If you have both #1 and #2 in place but are missing #3, then you'll end up with an empty DISPLAY environment variable.

Soup-to-nuts, here's how to get X11 forwarding working.

On your server, make sure /etc/ssh/sshd_config contains:

X11Forwarding yes
X11DisplayOffset 10

You may need to SIGHUP sshd so it picks up these changes.

cat /var/run/sshd.pid | xargs kill -1

On your server, make sure you have xauth installed.

belden@skretting:~$ which xauth
/usr/bin/xauth

If you don't have xauth installed, you'll run into the "empty DISPLAY environment variable" problem.

On your client, connect to your server. Be certain to tell ssh to allow X11 forwarding. I prefer

belden@skretting:~$ ssh -X blyman@the-server

but you may like

belden@skretting:~$ ssh -o ForwardX11=yes blyman@the-server

or you can set this up in your ~/.ssh/config.

I was running into this empty DISPLAY environment variable earlier today when ssh'ing into a new server that I don't administer. Tracking down the missing xauth part was a bit fun. Here's what I did, and what you can do too.

On my local workstation, where I am an administrator, I verified that /etc/ssh/sshd_config was set up to forward X11. When I ssh -X back in to localhost, I do get my DISPLAY set correctly.

Forcing DISPLAY to get unset wasn't too hard. I just needed to watch what sshd and ssh were doing to get it set correctly. Here's the full output of everything I did along the way.

In ssh_config file, remove the front hash # before Port 22 and Protocol 2, and also append a new line at the end of the file to state the xauth file location, XauthLocaion /usr/bin/xauth, remember write your own path of xauth file.

To add to the previous excellent answers (setting up ~/.ssh/config and checking to see if the DISPLAY environment variable is set on the client, setting up /etc/ssh/sshd_config and installing xauth on the server), also make sure xterm is installed on the client, e.g.

X11Forwarding must be set on the SSH server (in your case the Ubuntu box) in its sshd_config, and you must allow X11 to be forwarded for the SSH client (your Fedora box) by passing the -X option or editing the ssh_config file to add the ForwardX11 default.

ssh will automatically set $DISPLAY if X11Forwarding is enabled and xauth is present on the client system.
– ShadurMay 6 '11 at 18:58

@Shadur Not for me. It works when I export DISPLAY=:10.0 but not otherwise. Otherwise, it complains that it cannot find :0. Maybe something else is needed for this to happen automatically?
– cfrMar 6 '17 at 17:39

-b This option indicates that xauth should attempt to break any authority file locks before proceeding. Use this
option only to clean up stale locks.

Using

xauth -b

On the machine that I was trying to ssh into broke the lock on xauth. Logging out of the ssh session after issuing xauth -b then logging back in finally allowed me to successfully echo $DISPLAY. Definitely try this before re-creating .Xauthority